PCT

WORLD INTELLECTUAL PROPERTY ORGANIZATION
International Bureau

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

(51) International Patent Classification 7: H04N 1/44, 7/167    A1

(11) International Publication Number: WO 00/31564

(43) International Publication Date: 2 June 2000 (02.06.00)

(21) International Application Number: PCT/SE99/02106

(22) International Filing Date: 17 November 1999 (17.11.99)

(30) Priority Data: 9803979-5    20 November 1998 (20.11.98)    SE

(71) Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (publ) [SE/SE]; S-126 25 Stockholm (SE).

tamtosi Mamus- VSrvagen 10, S-194 60 Upp- 
™ "^vSTS SsSON. Mafias: Laxgatan 17. 5 «r. 
S-133 43 Saltsjobaden (SE). 

. tc . caNDSTROM, Staffan et al.; Bergenstrahle & Lind- 
™ Z£Zt m04;S-ll8 93 Stockholm (SE). 



S M^KmS^MX. NO, NZ.PL.Fr. RO. RU. 
S^SE. SO. SI, SK, SL. TJ^ TO TT^TZ UA^UG. 
UZ VN. YU. ZA, ZW, ARIPO patent (GH, GM, .KB, LS. 
VfW SD SL, SZ TZ, UG. ZW), Eurasian patent (AM, AX. 
nv KG KZ MD RU, TJ, TM), European patent (AT, BE. 
CH CY DE. d£ ES PI HL GR. E, IT, LU. MC. 

GN. GW, ML, MR, NE, SN. TD. TG). 



Published

With international search report.

Before the expiration of the time limit for amending the claims and to be republished in the event of the receipt of amendments.



(54) Title: A METHOD AND A DEVICE FOR ENCRYPTION OF IMAGES



(57) Abstract

In a method and a device for partial encryption and progressive transmission of images, a first section of the image file is compressed at reduced quality without decryption, and a second section of the image file is encrypted. Users having access to appropriate decryption keywords can decrypt this second section. The first section together with the decrypted second section can then be viewed as a full quality image. The storage space required for storing the first and second section together is essentially the same as the storage space required for storing the unencrypted full quality image. By using the method and device as described herein storage and bandwidth requirements for partially encrypted images are reduced. Furthermore, object based composition and processing of encrypted objects are facilitated, and ROIs can be encrypted. Also, the shape of a ROI can be encrypted and the original object can be decrypted and restored in the compressed domain.

[Figure: Low Quality Image]

A METHOD AND A DEVICE FOR ENCRYPTION OF IMAGES

TECHNICAL FIELD

The present invention relates to a method and a device for encrypting images.

BACKGROUND OF THE INVENTION AND PRIOR ART

Encryption of digital data is a technical field which becomes important when transmitting and storing secret information or information which only shall be available to a user paying for the information. Thus, several methods for encrypting digital data are in frequent use. Such methods can also be applied to digital image data. Examples of encryption methods are DES, triple DES and the public-key RSA method.

a be stored on servers and distributed over a 
Digital images can ^J*°*f data> can also 

Lvice providers. ^ ^^^^ 

their business model. In this ^ ^ ^ 

offer Facial access t one set ^ ^ ^ 

^r-Tt; ^ - — *- — ful1 access 

to all image data. 

* «m e a be offered for sale on the Internet. 
News photographs can e.g. be rs to downl0 ad a 

The service provider wants to allow evaluatio n. 
version of the image with reduced quality for ev ^ 
Tournals that want to publish an image, pay for 
journals, tn quality image, 

are then allowed to download a tun qu 

• r^ovider wants to minimize storage space 
However, such a service provider wan alte rnatively 
^ download bit rates. An .mage ^^l^s are given 
„ t to distribute images on e ^ ^ ^ ^ ^ ^ a 

away or sold for a low price, cu ^ ^ 

re^ quality, but they must „ use the storage 

ouality in the case the xmage provider wan 
space on the CD-ROM as efficiently as possible.

It is also essential that customers always can access images using user friendly, standardised software. Image providers are reluctant to design and support special image viewers and customers don't want a proliferation of viewing tools.

Presently, image providers have to store two versions of the images stored. The full quality version is stored as an encrypted image file. This means that the image first is compressed and stored in a compressed file format such as JPEG or GIF. The compressed file is then encrypted using a suitable encryption tool and an encrypted image file is stored. The user must first decrypt this file and then access the resulting compressed image file using an image viewing tool. Reduced quality images are produced by processing the full quality images in an image editing program. They are stored as separate compressed image files.

The problems with this solution are that at least two versions of the same image need to be stored, and that both

= must also be transmitted over the network in case of 
versions must also be ^ ^ ^ ^ free 

remote access in the case a c resolution 
low resolution image before paying for the full 

version. 

^is results in a significant disadvantage if the reduced 
Ttiis rebu fraction of the image 

version image contains a ^ journals wou ld 

information. Images that are of 

in particular ^ detaile d understanding of 

since 3 oumal editors wan fcy fQr 

the image content and accepts only y lQ . 50% of the 

printing. The reduced quality xmage could requxr 
storage space of the full quality image. 

which xs descrxo inc ludes many new 

Verification Model Version 2.0, coding 

funct ionalities in ^ for creating a 

techniques. They include, xn partxcu ar tion doma in 

wide range of progressive image formats.

can select a suitable progression mode. Individual objects in images can be accessed separately in the bitstream and progressive transmission can be applied also to objects. In JPEG 2000 there is also support for independently decodable coding units.

SUMMARY

It is an object of the present invention to overcome the problems as outlined above and in particular to reduce the amount of memory required for storing an image, which partially shall be possible to view, and also to reduce transmission time in a transmission scheme transmitting partially encrypted images.

This object and others are obtained by a technique for partial encryption and progressive transmission of images where a first section of the image file can be decompressed at reduced quality without decryption, i.e. the first low quality image is not encrypted, and where a second section of the image file is encrypted.

Thus, users having access to appropriate decryption keywords can decrypt this second section. The first section together with the decrypted second section can then be viewed as a full quality image. The storage space required for storing the first and second section together is essentially the same as the storage space required for storing the unencrypted full quality image. The encryption of the second section can, depending on the encryption method, imply a slight expansion of the second section compared to the unencrypted second section.

The image file can also be partitioned into multiple sections where each section may be encrypted with an individual encryption method and keyword. Some sections may be unencrypted.

An important element of the method and device as described herein is that the compressed images consist of independently decodable coding units (CU). It is thus possible to perform encryption operations in the compressed domain without performing entropy decoding.

A reduced quality image can be produced according to several different main schemes, such as:

1) Reduced resolution

2) Reduced accuracy of the transform coefficients

3) Exclusion of predefined regions of interest (ROI)

These methods can be combined so that a reduced quality image is e.g. produced by reducing both the resolution and the accuracy of the transform coefficients.

By using the method and device for storing and transmitting image data as described herein, several advantages are obtained. Thus, there is no need to store two different versions of an

image data. 

The invention will now be described in more detail and with reference to the accompanying drawings, in which:

- Fig. 1 is a general view of the file structure of an image.
- Figs. 2a and 2b show encryption of images coded according to the JPEG 2000 standard.
- Fig. 3 is a flow chart illustrating some steps carried out when encrypting an image.
- Fig. 4 is a diagram illustrating a client server process.
- Fig. 5 is a view of an encryption header.

DETAILED DESCRIPTION

In Fig. 1, a general view of the file structure of an original, high resolution, image is shown. The file consists of a number of sections 101, 103 and 105. In the file structure shown in Fig. 1, the section 101, which is a low resolution version of a high resolution image, is coded without encryption and will therefore be possible to decode by any receiver.

The section 103, which comprises data, which combined with the data of section 101 results in an intermediate resolution version of the high resolution image, is encrypted using a first encryption method, and only receivers having access to the correct decryption key will be able to decode the data stored in the section 103.

The section 105, which comprises data, which combined with the data of section 101 and 103 results in a full resolution version of the high resolution image, is encrypted using a second encryption method, and only receivers having access to the correct decryption key will be able to decode the data stored in the section 105.



— ° £ ^ 'I'?;; ^ryPtLr^afd doling of the 

"Ton^l ™- -«rr ^ data fro. the section 
section 103 will, comu Decryption 113 and 

101 -To* - - _ 

fr^e eectTJ 101 and 103 result in a full resolution i*age 



115. 



^rther.ore. indentation in ~ ™™ a %%££L 
„. see Charilaos *- ^ ^ ^ 

range of progressive modes can be supported. 

*-i ? o a coding unit is a part of 
In « 2000 -"^"^t^ific "tplane of a given 
* Triratodingtlt can be described as any 

suhband. in °°^ c o£ image in£o r»ation. The general 

independently bicstreajn or der is to include so 

mechanism for specifying (it ig 

si 1-^; -o:r;r savmg - - « 

are needed for inserting explicit tags.

In Figs. 2a and 2b block diagrams describing how encryption can be implemented in the JPEG 2000 encoder and decoder respectively, are shown.

Thus in Fig. 2a a block diagram where encryption is performed after entropy coding in the encoder is shown. Coding units enter an entropy coding block 201. In the block 201 the coding units are entropy coded using some suitable entropy code. The output from the block 201 is fed to a selector which selects a suitable encryption method for each entropy coded coding unit. Some coding units can be selected to not be encrypted at all.

In response to the selection made in the selector 203 the entropy coded coding units are encrypted in a block 205. The encrypted coding units together with the not encrypted coding units then form a combined output data stream which can be stored or transmitted.

In Fig. 2b a decoder for decoding the bit stream generated by the encoder in Fig. 2a is shown. Thus, first

which selects a suit reoeived coding unit is not 

coded coding unit, or if the receiv 

encrypted it is directly transmitted to a block 255. 

,-„ tbe selection made in the selector 255 the 
in response to the sele ed in a block 253 using a 

entropy coded coding units are coding ^ are 

suitable -cryption axgor it£ * e^ryp^ ^ ^ 
then fed to the block 255^ I ^ ^ decryptio n 

from fed directly from the selector CMbin ed 
bl ock 253 are entropy £L which is fed 

output data stream corresponding to the data 
to the entropy coding block 201 in Fig. 2a. 

Ea ch coding **^ZZ?Z£ZZ ^edtlook. 
Fig s. 2a and 2b xs handled - - separate ly with any user 
Ea ch coding unit can units in tbe sa„e image
encryption method used can further be an encryption algorithm combined with a keyword or a method for generating keywords.

Different encryption methods can in such an embodiment have identical algorithms but different keywords. Encryption Method Description (EMD) as shown in Figs. 2a and 2b is any global data such as session keywords or algorithm identifiers that is needed to specify the Encryption Method. Unit Encryption State (UES) is a symbol that for each coding unit defines how it is encrypted.

In Fig. 3, a flow chart illustrating different steps carried out when encrypting an image is shown. First, in a step 301, an image to be partially encrypted is received. The image received in step 301 is then coded using a coding algorithm generating independently decodable coding units, e.g. JPEG 2000, in a step 303.



in step 303 are encryp be ^ ted 

such as DBS. The coding units that are cnose 

be set in accordance with user P"^™ ™ ^Trder 
ch ose to have coding units ootresponding to «°Xs. big ^ 

bit . pla nes d etc^enctypt, *^^ a ™ merged into a 
and the coding units wnicn ^ 
single bit stream. 

v. r- n-nustrating a client- server process, 
in Fig- 4, a flow chart lllUStr ^ according to the method as 
wh en transmitting an image encode* -cordi^ ^ & ^ 

desC ribed in ^^T^' ^ client ,0! can then issue 
401 is connected to a server na rticular image, step 

a request towards the server 403 for a particul 



405. 



ift , reDlies by transmitting the coding units of the 
The server 403 replies by encrypted 

imag e which are not encrypted step ^ T ^ ^ ^ 
coding units can be decoded by the cli ^ 
access to a low resolution version or ^ part ^ & 

Based on this ^ ^ — " " * ^ 

the image in a higher resoiu 

substitute sheet (rule 26)

client transmits a request to the server requesting such information, step 409.

The server replies by sending a request to the client requesting the client to agree to the conditions for transmitting the higher resolution version of the image, step 411. If the client agrees via a message 413, e.g. comprising a card number or account number from which to bill the cost for the image, the server sends the encrypted coding units together with a key word by means of which the encrypted coding units can be decrypted, step 415. A secure method for key distribution should be used. Examples of such secure methods are described in W. Stallings "Data and Computer Communications", p 635 - 637, Prentice-Hall 1997, fifth edition, ISBN 0-13-571274-2.

If the client already has access to the unencrypted and encrypted coding units, for example if he has purchased a CD-ROM with images coded as described herein, the scheme as described in conjunction with Fig. 4 can be modified so that no image data is transmitted, instead the client only agrees to conditions set by the server in order to have access to the key word(s) which are required to decrypt the encrypted coding units of the CD-ROM.

In the case when the method anc . device as described herein. ^ 

US ed when encoding ™ not st andardise 

i. ~ageous x f the a»2D ^ ^ ^ ^ 

enCryP h r d er Encryption Tag that is merged with 

r -oToo IZ can instead be used to specify how coding 
units are decrypted. 

WH™.nt the JPEG 2000 iraage header contains an 
In such an -*">^ % thM sec i£ my cod ing unit is 
Encryp tion rla^BF, » ^ ^ be appended to 

^header and encryption Ration can 
optionally be merged into JPEG 2000 Tags. 

In Fig. 5 an encryption header is shown. The Encryption Header can in such an embodiment contain the following symbols.

1) Encryption Mode (EM). A set of standard encryption modes are defined e.g.

a) One encryption method is used for all coding units

b) Bitplanes of less significance than bitplane X are encrypted

c) Subbands of higher resolution than Y are encrypted

d) ROIs specified in are encrypted, etc.

No encryption information needs to be included in the Tags if an EM is defined.

2) Encryption Mode Parameters (EMP). Parameters (X, Y, ...) that are used to define the Encryption Mode are set here.

3) Number of encryption methods used. Several encryption methods can be used within the same image if e.g. different user groups should be allowed to see different image content.

m *->^ n^cribtor (EMD) for each encryption 

4) One Encryption Method Descriptor 

method The EMD defines any data that is needed by the 

ls aefined. A typical use o £ BHD will be to -Y»° * 

that is encrypted by a public key algorithm. The user s^p 

decrypted Key rs J^J^Zla. all ocates an number to 

in.ege coding units. The order o£ the end syntoo i s . 

«4-v,^ This number is used m ut,^ symuu 
each encryption method. This numre 

^T^J^j^ZZZ^ reader or 
syetools could «^ er . n che bitstream as encryptron 

tags. If the UES information is kept in the encryption header we define a header element - Encryption State (ES). It consists of a series of UES symbols that are listed in the order the coding units appear in the bit stream.

If EF is set and the Encryption State is not given in the header, JPEG 2000 Tags can be expanded to contain Unit Encryption State (UES) symbols. UES defines which encryption method, if any, that is used for encrypting the next coding unit.
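
The encoder and decoder paths of Figs. 2a and 2b, with the Encryption Flag and Encryption State described above, as an added Python example that is not part of the patent text. The byte layout, the function names and the SHA-256 counter-mode keystream (a stand-in for the DES-type methods the text names) are assumptions made for the illustration; the coding units and keywords are constructed sample data.

```python
import hashlib
import struct

def keystream_xor(key: bytes, unit_index: int, data: bytes) -> bytes:
    """Stand-in length-preserving cipher (SHA-256 in counter mode), assumed
    here in place of DES/triple DES. The unit index is hashed in so that no
    two coding units of one stream are encrypted under the same keystream."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + struct.pack(">II", unit_index, block)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encode(units, ues, keys):
    """Encoder path (Fig. 2a): encrypt the selected entropy-coded units and
    merge them with the clear ones. ues[i] is the Unit Encryption State of
    unit i: 0 = not encrypted, n = encryption method number n."""
    if len(units) != len(ues):
        raise ValueError("one UES symbol is required per coding unit")
    ef = 1 if any(ues) else 0                       # Encryption Flag (EF)
    header = struct.pack(">BH", ef, len(units)) + bytes(ues)  # ES: UES list
    body = b""
    for i, (unit, state) in enumerate(zip(units, ues)):
        payload = keystream_xor(keys[state], i, unit) if state else unit
        body += struct.pack(">I", len(payload)) + payload
    return header + body

def decode(stream, keys):
    """Decoder path (Fig. 2b): return every coding unit in bitstream order,
    with None for units whose keyword the receiver does not hold."""
    ef, count = struct.unpack_from(">BH", stream, 0)
    ues = stream[3:3 + count]
    if len(ues) != count:
        raise ValueError("truncated Encryption State")
    pos, units = 3 + count, []
    for i, state in enumerate(ues):
        if pos + 4 > len(stream):
            raise ValueError("truncated coding unit length")
        (size,) = struct.unpack_from(">I", stream, pos)
        payload = stream[pos + 4:pos + 4 + size]
        if len(payload) != size:
            raise ValueError("truncated coding unit")
        pos += 4 + size
        if state == 0:
            units.append(payload)                   # decodable by any receiver
        elif ef and state in keys:
            units.append(keystream_xor(keys[state], i, payload))
        else:
            units.append(None)                      # stays encrypted
    return units

# Constructed sample data: three byte strings stand in for entropy-coded units.
UNITS = [b"low-res subband", b"mid-res subband", b"full-res subband"]
UES = [0, 1, 2]                                     # clear, method 1, method 2
KEYS = {1: b"keyword-one", 2: b"keyword-two"}       # constructed keywords
STREAM = encode(UNITS, UES, KEYS)
```

Because the stand-in cipher is length-preserving, the partially encrypted stream is exactly as long as the unencrypted merge of the same units. Nothing in this layout authenticates a unit, so a receiver holding a wrong keyword gets garbage bytes back rather than an error.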

The transform coefficients belonging to a ROI can be handled as described above. They can be completely or partially encrypted by selecting appropriate coding units belonging to the ROI for encryption.

The main problem is that the shape of the ROI might reveal the
content. If the shapes are encrypted it is.
to show a reduced quality image since it is difficult to
interpret the coded transform coefficients.

„i „ ~n be solved by defining a so called cloaking 
*" T Thus the rial shape of one or several ads are 

shape is a bounding box. 

-• ^o-r i n the JPEG 2000 bit 
A C - S hape is treated -^/^ren^ion as described in 
stream. The c-shape xs coded Verificatio n Model 

Charilaos Chrxstopoulos («dJ. ^ therein 

Version 2.0. Accordxn to the tec *u ^ ^ ^ ^ 

this would result in that the snap 

header . 

r shaoe and the transform 
K mas* is created X * coded and encrypted 

coefficients herein. This will result in that 

using the method as descrlb are shielded 

a ll coefficients belonging to any of ^ ^ 

by the c-shape are encrypted. The text 
protected by encryption. 

.or* »re encrypted and stored e.g. in the 
T he shape of the J^^^ header contains pointers that 
encryption ^'^^Tith the corresponding c-shape. 
!inxs encrypted ROI shape hac.ground. The c- 

The decoder can now decode
shape can be displayed as a blank region. The

be Lead- if the keyword is Known. This is done by *~»*>* 
the coefficients belonging to the c-shape. The shape of each ROI
belonging to the c-shape is also decrypted. The bitstream can
now be rearranged so that the c-shape

original ROI data structures are restored. Note that this is
done in the compressed domain.

T he masK that is used for encoding a ROI is not ^ . 

in JPEG 2000. A mask that is sufficiently large so that the ROI is encoded lossless will often cover the whole lower subbands. A mask that is not allowed to expand will lead to a lossy encoding of the ROI. The masks belonging to different ROIs or to a ROI and the background can be designed to overlap. This means that some coefficients are encoded in more than one ROI. Such overlap will lead to a reduced overall compression but the ROIs are more independent so that any ROI can be accessed and decoded with a good visual result.

m ~t-Hor! for ROIs described herein is not 
T o Ik L long as the mas* is selected 
c^eVonceut of a « cannot, reconstrncted from £ ^ 
ccutent of any other ROX or background. » ^ ^ 

-* — ?! TeT 00 Verification Model version 2.0. 

Christopoulos (ed.). J?E<3 

By using the method and device as described herein storage and bandwidth requirements for partially encrypted images are reduced. Furthermore, object based composition and processing of encrypted objects are facilitated, and ROIs can be encrypted. Also, the shape of a ROI can be encrypted and the original object can be decrypted and restored in the compressed domain.

mother advantage is 

performed at the same trme as . 9 ^ ^ 

tb e process takes place rn the^c mp ^ ^ ^ ^ 

bitstream syntax) it". performed just before 

encryption. The -crypt-n can he P ° ^ ^ ^ ^ 
transmitting the image by a parser

bit-rate which will be the case

transmitting it.

CLAIMS

1. A method of partially encrypting image data comprising the steps of:

- coding the image data using an encoding algorithm generating independently decodable coding units,

- encrypting at least one of the coding units, and

- merging coding units which are not encrypted with coding units which are encrypted into a combined bitstream.

2. A method according to claim 1, characterised in that the not encrypted coding units correspond to a low resolution version of the image data.

3. A method according to any of claims 1 - 2, characterised in that different coding units are encrypted using different coding methods.

4. A method according to any of claims 1 - 3, characterised in that an encryption flag, which indicates if a coding unit is encrypted, is inserted in the bit stream.

5. A method according to any of claims 1 - 4, when information corresponding to a Region of interest is encrypted, characterized in that the shape of the region of interest is enclosed in a cloaking shape.

a device for partial encryption of image data characterised 

W means for coding ^^^S^. 

one of the coding units and encr ypted with 

- means for merging ~£ ^ cofflbined bi tstream. 

coding units which are encrypted, as 

7. A device according to claim 6, characterized by means for selecting the not encrypted coding units as units corresponding to a low resolution version of the image data.

8. A device according to any of claims 6 - 7, characterised by means for encrypting different coding units using different coding methods.

9. A device according to any of claims 6 - 8, characterised by means for inserting an encryption flag, which indicates if a coding unit is encrypted, in the bit stream.

10. A device according to any of claims 6 - 9, characterised by means for enclosing a region of interest shape in a cloaking shape.